
A Performance Assessment of Free-to-Use Vulnerability Scanners - Revisited

Conference paper, in: ICT Systems Security and Privacy Protection (SEC 2021)

Abstract

Vulnerability scanning tools can help secure the computer networks of organisations. Triggered by the release of the Tsunami vulnerability scanner by Google, the authors analysed and compared the commonly used, free-to-use vulnerability scanners. The performance, accuracy and precision of these scanners are quite disparate and vary according to the target systems. The computational, memory and network resources required by these scanners also differ. We present a recent and detailed comparison of such tools that are available for use by organisations with lower resources, such as small and medium-sized enterprises.


Notes

  1. https://github.com/google/tsunami-security-scanner
  2. https://github.com/rapid7/metasploitable3


Author information

Corresponding author: Pedro Pinto.


Copyright information

© 2021 IFIP International Federation for Information Processing


Cite this paper

Araújo, R., Pinto, A., Pinto, P. (2021). A Performance Assessment of Free-to-Use Vulnerability Scanners - Revisited. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_4


  • DOI: https://doi.org/10.1007/978-3-030-78120-0_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-78119-4
  • Online ISBN: 978-3-030-78120-0
